NimbostratusF5 ASM does no send response log to ArcSight Remote Storage Type.
Hi i want to send my response logging to my ArcSight system which getting the logs in CEF format. but i note that when i am choosing the remote storage type "ArcSight" its not sending me the response log. it sends me all data except the response i was trying to change from UDP to TCP but it didn't help. so i open a support ticket and the answer was very wired. anyone share same issue like i do ?
**this is the support Representative answer to my issue Regarding your issue: I understand that ASM logging profile does not include response data for ArcSight type. The option is currently not supported and bug id511447 filed to remove misleading check box for 'Response Logging' when server type is set to ArcSight. The reason is because the arcsight CEF format doesn't allow more than 6 custom field and therefore limited us in which fields can be included.
A possible workaround is as follows: You can compose the arcsight format within the user-defined format, and you can add there the field to whatever is needed according to the given fields."
- Security ?? Event Logs : Logging Profiles ?? Create New Logging Profile...
- Configuration = Advanced
- Remote Storage = Enabled; type = Remote
- Storage Format = User Defined
- Pick the same fields as ArcSight including response_code
